Endpoint Protection

  • 1.  SEP Client showing Server:Offline

    Posted Jun 03, 2009 10:38 AM
    I recently set up the End Point Protection Manager and deployed a client to a Windows 2008 server. The deployment was successful and when I came in this morning the client was in fact installed on the server.  So far so good.  However, when I go into troubleshooting and check the status of the client I see "Server: Offline".  Not sure why this is happening.  The Group shows up as I asked: My Company\Servers.  So obviously some form of communication has happened.

    I've searched around but it doesn't seem like anyone has a direct solution to this problem. 

    Client: Server 2008 SP1
    Management Server: Server 2008 SP2

    Thanks




  • 2.  RE: SEP Client showing Server:Offline
    Best Answer

    Posted Jun 03, 2009 11:00 AM
    Hi,

    Please check the Firewall settings on both the 2008 machines. If it's enabled, try disabling it on both machines and check whether they are able to communicate with each other. If yes, then configure the firewall for the endpoint ports.



    The Symantec Endpoint Protection Manager (SEPM) uses two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443; Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.

    Client-Server Communication:
    For IIS, SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client-server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real time with the manager console for client authentication. This is done on UDP port 1812.

    Remote Console:
    9090 is used by the remote console to download .jar files and display the help pages.
    8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.

    Client-Enforcer Authentication:
    The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.

    Please check the following link: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148
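
An added example, not part of the original reply or of Symantec's tooling: a PowerShell check, run from the client, of the TCP ports listed in the reply above, so the firewall can be tested without disabling it. The host name `sepm.example.local` is a placeholder and `Test-TcpPort` is a helper defined here.

```powershell
# Added example: TCP reachability of the SEPM ports named in the reply above.
param(
    [string]$SepmHost  = 'sepm.example.local',  # placeholder: your SEPM name or IP
    [int]   $TimeoutMs = 3000
)

# Ports and roles as listed in the reply. UDP 1812 (RADIUS) and UDP 39999
# (client-Enforcer) are left out: a TCP connect cannot test a UDP service.
# Only one of 80 / 8014 is expected to answer, depending on the install.
$ports = @(
    @{ Port = 80;   Role = 'Client-server, IIS HTTP' },
    @{ Port = 8014; Role = 'Client-server, IIS HTTP (alternate)' },
    @{ Port = 443;  Role = 'Client-server, IIS HTTPS' },
    @{ Port = 9090; Role = 'Remote console, Tomcat' },
    @{ Port = 8443; Role = 'Remote console and replication, Tomcat' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer at all within the timeout usually means a firewall is
        # dropping the packets (or the host is down).
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout (filtered or host down)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    } catch {
        # Host answered but nothing is listening, or the name did not resolve.
        return 'Closed or unresolved'
    } finally {
        $client.Close()
    }
}

$ports | ForEach-Object {
    New-Object PSObject -Property @{
        Port   = $_.Port
        Role   = $_.Role
        Result = Test-TcpPort -ComputerName $SepmHost -Port $_.Port -TimeoutMs $TimeoutMs
    }
} | Sort-Object Port | Format-Table Port, Role, Result -AutoSize
```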



  • 3.  RE: SEP Client showing Server:Offline

    Posted Jun 03, 2009 11:50 AM
    This happens due to an improper policy update. Try these steps:
    1. Copy the sylink.xml file from the SEPM machine. The location is C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Data\outbox\Agent\. Click any of the numerical folders and copy the sylink from there. Save it on any media or share it on the network.
    2. Go to the client machine where the server is offline.
    3. Go to Run and type smc -stop
    4. Paste the sylink.xml in C:\Program Files\Symantec\Symantec Endpoint Protection
    5. It will ask you for the replacement of the file, just replace it.
    6. Go to Run and type smc -start.
    7. Now check the server name.
    8. In the management console you may not find these clients in the desired group, just check the default group and move them to the desired group.


    Ajit


  • 4.  RE: SEP Client showing Server:Offline

    Posted Jun 03, 2009 12:00 PM
    Just for anyone else trying to troubleshoot this, and it's not firewall related, try the following, which I got from support.

    Please perform the test mentioned in the following link to see if the SEP client is communicating with the SEP Manager.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007101711140148
    Note: The test needs to be run on the client.

    If the test fails, please follow the below steps:

    1. Login to Symantec Endpoint Protection Manager (SEPM)
    2. On the left side, click on Clients
    3. Highlight the Group where Clients are reporting and then, click on the “Details” tab
    4. Note the Policy No. (1st 4 characters)
    5. Browse to the SEPM installed location i.e.
    C:\Program files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\
    6. Open the foldername which begins with the above noted Policy No. (1st 4 characters)
    7. Copy the Sylink.xml file from the above mentioned folder to the client computer's Desktop for now
    8. On the Client machine, Click Start > Run and type: "smc -stop" (without quotes) and click OK
    9. Copy the “Sylink.xml” into the SEP Client install folder (default location is C:\Program Files\Symantec\Symantec Endpoint Protection. It may differ to C:\Program Files\Symantec Antivirus, if upgraded from SAV-CE)
    10. Agree to over-write the existing file
    11. Click Start > Run and type: "smc -start" (without quotes) and click OK
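
An added example, not part of the original posts or of Symantec's tooling: the Sylink.xml replacement steps from the two replies above, scripted in PowerShell for a single client, with a well-formedness check and a backup of the old file. It assumes `Smc.exe` sits in the client install folder and that the script runs elevated; `-NewSylink` and `-ClientDir` are parameter names chosen here.

```powershell
# Added example: scripted form of the Sylink.xml replacement steps above.
param(
    [Parameter(Mandatory = $true)]
    [string]$NewSylink,   # Sylink.xml copied from the SEPM outbox\agent\<policy> folder
    # Default client folder from the post; installs upgraded from SAV-CE may differ.
    [string]$ClientDir = 'C:\Program Files\Symantec\Symantec Endpoint Protection'
)

$smc    = Join-Path $ClientDir 'Smc.exe'     # assumption: Smc.exe is in the client folder
$target = Join-Path $ClientDir 'Sylink.xml'

if (-not (Test-Path $smc))       { throw "Smc.exe not found in $ClientDir" }
if (-not (Test-Path $NewSylink)) { throw "Replacement file not found: $NewSylink" }

# Reject a truncated or corrupted copy before touching the client.
try   { $null = [xml](Get-Content -Path $NewSylink) }
catch { throw "Not well-formed XML: $NewSylink" }

# smc -stop, then wait until the process has really exited. If the client
# asks for a stop password, this loop times out and nothing is changed.
& $smc -stop
$deadline = (Get-Date).AddSeconds(60)
while (Get-Process -Name Smc -ErrorAction SilentlyContinue) {
    if ((Get-Date) -gt $deadline) {
        throw 'Smc did not stop within 60 s; Sylink.xml left unchanged.'
    }
    Start-Sleep -Seconds 2
}

# Keep the old file so the change can be rolled back.
if (Test-Path $target) {
    $backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $target, (Get-Date)
    Copy-Item -Path $target -Destination $backup
}

# Overwrite Sylink.xml, then smc -start.
Copy-Item -Path $NewSylink -Destination $target -Force
& $smc -start
```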




  • 5.  RE: SEP Client showing Server:Offline

    Posted Jun 03, 2009 12:08 PM
    Thanks for the info


  • 6.  RE: SEP Client showing Server:Offline

    Posted Aug 13, 2009 02:04 PM
    I just had to do an emergency rebuild of my SEPM server.  Fortunately, I had backed up the database.

    Reinstall and restoration of the SEPM database went fine but my clients do not show the green dot or communicate with the server.

    The method suggested above might work for a few clients - not 800.

    Any suggestions would be welcome.

    Thank you.

    Dean Pittenger
    Computer Resource Unit
    WSU CAHNRS and Extension
    Pullman, WA


  • 7.  RE: SEP Client showing Server:Offline

    Posted Aug 13, 2009 02:13 PM
    You can download & run the sylink replacer file. But before that, did you try to back up the server certificate after restoring the database? If yes, then use the sylink replacer utility to replace the sylink file.


  • 8.  RE: SEP Client showing Server:Offline

    Posted Aug 13, 2009 04:39 PM
    kavin

    Thanks - I had a real "Duh" moment there - I had forgotten to restore the server certificate...  That seems to have taken care of the issue.

    Dean